How to issue a CSR with out SAN


#1

Hi,
because i’m using HPKP i created 2 Backup CSRs following this tutorial: https://scotthelme.co.uk/hpkp-http-public-key-pinning/
As the tutorial didn’t mention the subjectAltName filed and didn’t know much about certificate issuing at the time i did not set my domain name in the san field of the csr.
Now as my certificate is going to expire tomorrow i wanted to get a new certificate. For that i have to use my existing CSRs because their hash pin is known to the bowsers of my users.
I this: ./letsencrypt-auto certonly --csr my.domain.csr -d my.domain
and got: Unfortunately, your CSR needs to have a SubjectAltName for every domain. (That is also the only message in letsencrypt.log)
Is there any way i can get a certificate for my domain from my existing CSR files?

Any help is appreciated


#2

If you still have access to the private key, you should be able to use it to generate a new CSR with the same pin hash (because the hash is derived from the public key, not the full CSR).


#3

Thank you so much. This solved the problem


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.